Rynardt Spies

After passing the VCDX Enterprise Admin Exam in July, I have booked the design exam for 20 September in the hope that if I pass the design exam, I will only have to sit the VCDX 4 design exam in order to qualify for the VCDX defence session. However, I received a notification from Pearson that VMware has asked to retire the VCDX 3 exams on 30 August 2010.

I therefore had to either reschedule the design exam to an earlier date or cancel the exam. As there are now no appointments available prior to 30 August I had to cancel the exam. This is slightly annoying as it means that rather than just having to pass the vSphere 4 design exam, I will now have to go and sit the VCDX Admin exam for vSphere 4 as well. And for those who don’t yet know, you DON’T want to sit that Admin exam twice!

Although there are “many” “new” features in vSphere 4.1, there are many changes that have been made “under the hood”. I noticed this whilst I was playing with the beta. One of these changes is the way the vpxa agent enforces admission control in ESX/ESXi.

The Steering Committee are pleased to announce the next UK London VMware User Group meeting, kindly sponsored by EMC to be held on Thursday 15th July2010. We hope to see you at the meeting, and afterwards for a drink or two, courtesy of VMware.

Our meeting will be held at the Thames Suite, London Chamber of Commerce and Industry, 33 Queen Street, London EC4R 1AP, +44 (0)20 7248 4444. The nearest tube station is Mansion House, location information is available here. Reception is from 1230 for a prompt 1pm start, to finish around 5pm. Our agenda looks something like this:

1100 – 1200 (Optional) Interactive PowerCLI / Powershell workshop – Alan Renouf Note: If you would like to participate in Alan’s workshop, please bring a laptop, preferably with the most current PowerCLI and PowerShell binaries installed.

To register your interest in attending, please send an email to londonvmug at yahoo dot com with up to two named attendees from your organisation. If you do not receive a confirmation mail, please don’t just turn up since we will not be able to admit you to the meeting. Please separately mention if you intend attending Alan’s PowerCLI workshop at 1100. Content from the meetings will continue to be uploaded to www.box.net/londonug, NDA permitting.

It's been a while since I've last posted anything on here. The last few months have been very busy. I have 10 articles and technical guides in draft that I need to complete and post on the site, but I just don't have the time to complete them at the moment. I'll try and find some time soon to get through the backlog of posts.

So, yesterday I had to go and sit the VMware VCDX Enterprise Admin Exam (VCE310). Although, a few weeks after I had booked my seat for the VCE310 exam, the good people at VMware had come up with the new certification tracks that includes the new VCDX4 certification. I then for a moment was contemplating cancelling my booking for the VCE310 exam, but after thinking it through for a bit and also taking into account the fact that I had to wait for quite some time to get a VCE310 booking from VMware, I decided to go ahead and site the VCE310 anyway.

As I mentioned earlier in the post, things have been very busy the last few months and I hardly had any time to prepare for the exam. For that reason, I arrived at the testing centre yesterday, prepared to take a kicking from the exam. I knew that in the case of me failing the exam, I would at least know what to expect from future attempts.

I'm sure you have seen may posts form gurus that have taken the exam before, so I'm not going to go into too much detail on the exam. To state the obvious, as I'm also under NDA, I will not be able to discuss any questions that were asked either.

The VCE310 exam is split into two parts, each accounting for 50% of your final score. The first part of the exam is the same format as the VCP exam based on questions with multiple choice answers. As I started to work my way through these questions, I realised that it's not actually as hard as I'd first anticipated. However, towards the middle of the first section, I noticed that the exam was starting to get more and more tricky as it was focusing the questions based on a particular technology that I don't know all that much about. I'm not sure if the exam system adapts to your weaknesses or strengths, but I did notice that the system kept on asking me questions around this same technology. Almost as if it knew that I sucked at it! However, towards the end of the first section, I felt as if I was getting back on top of the fight and that the questions asked were fair and reasonable, whatever that might mean.

The second half of the exam is a live LAB. Unlike most exams with LAB environments that basically only emulate a small part of the software that the question is based around, this was actually a live lab running on live servers with real IP addresses user accounts, RDP sessions, remote console sessions, Putty SSH sessions and DNS entries. Every keystroke and mouse movement is tracked and recorded for whomever that will score your efforts to interrogate.

Now, at first I thought "I work with this stuff in large enterprise data centres every day of my life, so this should be easy as." I was wrong. First of all, because you know that your every move is recorded, it adds extra pressure. Also, the remote console session to the live LAB environment wasn't the best. It was “glitchy” and had poor response times. One example is that I had difficulty seeing the navigation tabs in the VI client. But that's the easy part. What I did find very hard was the fact that if you don't know how to do something that can only be done from the CLI using Putty, you basically couldn't perform the tasks asked in the lab question. It's as simple as that. If you don't know how to enable or disable root access for SSH (and this is just an easy example, the real lab questions are much more complicated and harder that this), you simply don't know and you won't be able to answer that question.

In regards to my efforts in the LAB environment, there were two questions that I genuinely didn't have a clue on. Whether that will be enough left out for me to fail? We'll I'll know within 12 days from now. All I know is that when I got home last night, I jumped straight onto my lab to try and find the answers to the two question that I couldn't do in the lab, and to say the least I was kicking myself within 10 minutes of logging onto my lab! As Homer Simpson would say... Doh!

All in all I think the exam is composed to be very failr and reasonable. If I do fail the exam, it won't be because the exam was too hard, but it would be because I did not study. It's as simple as that.

Anyway, up an onwards. If I pass, it would be a bonus. If I fail, then oh well, you win some and you lose some. At least I know now what is expected in the exam, something that even the exam blueprint can't give 100% clarity on.

I've been working on the topic of replacing SSL Certificates for VMware vCenter and VMware Update Manager Server (VUM) for quite some time now. Earlier in May 2010, I had the privilege to consult a large financial institution in London on VMware and Virtualisation. The consultancy engagement was for only one week and one of my assignments was to create and document a procedure for replacing their SSL certificates on all of their very many vCenter and VUM servers. Now, at first when asked to this piece of work, I asked myself the question: "Other than maybe improving security, why would you want to replace these SSL certificates anyway?" I mean, the standard once generated when you install the vCenter and VUM servers seem to be working fine. However, the more I started to dig into their environment, the more I realised just why they wanted to replace the SSL certificates on these servers. Let me explain:

The rui.key and rui.crt files will be used by VMware products as replacement SSL Certificate files. However in addition to these two files a PFX-formatted certificate file called “rui.pfx” specific for Windows must be created. The “rui.pfx” file is a concatenation of the system’s certificate and private key, exported in PFX format.

Now that we have used OpenSSL to generate a new SSL certificate request, we need to submit the request to a Certificate Authority in order to sign a new SSL Certificate based on the request. OpenSSL has now generated the request and saved the request in rui.csr. We now need to open the rui.csr file using Wordpad. Once the file has been opened in Wordpad, we will copy the entire contents of the file to the clipboard.